diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-21 13:06:08 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-21 13:06:08 -0800 |
| commit | 4a037ad5d115b2cc79a5071a7854475f365476fa (patch) | |
| tree | e456c2eee7b3de32e34612370ce9120af4525ddc /arch | |
| parent | d310ec03a34e92a77302edb804f7d68ee4f01ba0 (diff) | |
| parent | 871997bc9e423f05c7da7c9178e62dde5df2a7f8 (diff) | |
| download | linux-4a037ad5d115b2cc79a5071a7854475f365476fa.tar.gz | |
Merge tag 'for-linus-5.12-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen updates from Juergen Gross: "A series of Xen related security fixes, all related to limited error handling in Xen backend drivers" * tag 'for-linus-5.12-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen-blkback: fix error handling in xen_blkbk_map() xen-scsiback: don't "handle" error by BUG() xen-netback: don't "handle" error by BUG() xen-blkback: don't "handle" error by BUG() xen/arm: don't ignore return errors from set_phys_to_machine Xen/gntdev: correct error checking in gntdev_map_grant_pages() Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() Xen/x86: don't bail early from clear_foreign_p2m_mapping()
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/arm/xen/p2m.c | 6 | ||||
| -rw-r--r-- | arch/x86/xen/p2m.c | 15 |
2 files changed, 11 insertions, 10 deletions
diff --git a/arch/arm/xen/p2m.c b/arch/arm/xen/p2m.c index e52950a43f2e..fd6e3aafe272 100644 --- a/arch/arm/xen/p2m.c +++ b/arch/arm/xen/p2m.c @@ -95,8 +95,10 @@ int set_foreign_p2m_mapping(struct gnttab_map_grant_ref *map_ops, for (i = 0; i < count; i++) { if (map_ops[i].status) continue; - set_phys_to_machine(map_ops[i].host_addr >> XEN_PAGE_SHIFT, - map_ops[i].dev_bus_addr >> XEN_PAGE_SHIFT); + if (unlikely(!set_phys_to_machine(map_ops[i].host_addr >> XEN_PAGE_SHIFT, + map_ops[i].dev_bus_addr >> XEN_PAGE_SHIFT))) { + return -ENOMEM; + } } return 0; diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c index 3301875dd196..b5949e5a83ec 100644 --- a/arch/x86/xen/p2m.c +++ b/arch/x86/xen/p2m.c @@ -712,7 +712,8 @@ int set_foreign_p2m_mapping(struct gnttab_map_grant_ref *map_ops, unsigned long mfn, pfn; /* Do not add to override if the map failed. */ - if (map_ops[i].status) + if (map_ops[i].status != GNTST_okay || + (kmap_ops && kmap_ops[i].status != GNTST_okay)) continue; if (map_ops[i].flags & GNTMAP_contains_pte) { @@ -750,17 +751,15 @@ int clear_foreign_p2m_mapping(struct gnttab_unmap_grant_ref *unmap_ops, unsigned long mfn = __pfn_to_mfn(page_to_pfn(pages[i])); unsigned long pfn = page_to_pfn(pages[i]); - if (mfn == INVALID_P2M_ENTRY || !(mfn & FOREIGN_FRAME_BIT)) { + if (mfn != INVALID_P2M_ENTRY && (mfn & FOREIGN_FRAME_BIT)) + set_phys_to_machine(pfn, INVALID_P2M_ENTRY); + else ret = -EINVAL; - goto out; - } - - set_phys_to_machine(pfn, INVALID_P2M_ENTRY); } if (kunmap_ops) ret = HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, - kunmap_ops, count); -out: + kunmap_ops, count) ?: ret; + return ret; } EXPORT_SYMBOL_GPL(clear_foreign_p2m_mapping); |